
Best practices for assigning entitlements to persons with multiple accounts?


Is there a 'best practice' recommendation by Quest/Dell on how to operate Q1IM in a quite common scenario such as the following?

Consider a person having more than one account within one SAP system (or within one AD domain, which works just as well). Now consider that someone is using IT Shop in order for this person to request membership in some target system group, e.g. some SAP role (or AD group, for that matter). If the user accounts are linked to the same Person object via the UID_Person column of table SAPUser (or ADSAccount, respectively), then Q1IM will assign the requested entitlement to *all* user accounts of the person, which is usually not desirable! When placing an order in IT Shop, it should be possible to specify for which person and for which account the requested entitlement is meant to be given. Is there a configurable setup within the standard product by which such a behaviour can be accomplished? If not, what are the recommended steps for customization, e.g. which standard process chains need to be modified, or is there even a need to change the algorithm run by the DBScheduler for computing the inherited entitlements of a person?

Again, I consider this a quite common scenario in the IAM world for which Quest/Dell should have a solution ready at hand. Or may I ask existing Q1IM customers how they have overcome this problem...? Suggestions are welcome!

